Protecting your Google account from phishing just got a whole lot easier with the announcement that any Android smartphone running Android 7 or higher can now be used as a physical security key for two-factor authentication (2FA).

The tech giant already provides a number of 2FA methods including Google Prompt but physical security keys have been proven by its own teams to be the most effective method of combating phishing.

Up until now, you could use Google's own Titan Security Key or those made by Yubico to secure your account but this requires you to bring an additional physical device with you at all times. 

Now with the announcement that you can use your Android smartphone as a security key, users will be able to securely access their Google accounts on Windows, Mac or Chrome OS using the device they already have on their person at all times.

Using your Android smartphone as a security key

To get started using your Android device as a security key, first you'll need to connect your smartphone to your computer using Bluetooth. Next you need to sign into your Google Account on the device and open your Google security settings on your computer. From there you need to select the option to add a security key and choose your smartphone from the list of devices.

Pixel 3 owners will be able to use the volume down button to activate their security key since Google has stored FIDO credentials inside the device's Titan M chip. On the other Android smartphones, you'll simply have to sign in and tap a button to activate your security key.

Currently the service is only available on Android devices and at this time it can only be used to login to Google services such as Gmail, G Suite and Google Cloud.

However, since the service uses the same protocols that a physical security key does, other companies could soon add support for it to their own services extending its functionality beyond Google.

Via The Verge